PfSense 2.0 RC3 tap/bridging mode for "road warrior" setup



  • Are there any workarounds currently to get a tap/bridged setup working?  I'd like "road warrior" clients to be able to be assigned an IP on the target LAN, rather than just one from the tunnel range.

    No matter what I do, the only address I can seem to get assigned to clients who successfully connect is an address in the tunnel range.

    I've set up a DHCP server on the LAN interface with an appropriate IP range, and have tried adding another interface (OPT1) set to the OpenVPN server, then adding a bridge between OPT1 <> LAN and firewall rules to allow all traffic.  I've tried both static and none for addressing OPT1.  None of this seems to work.

    Logs show OpenVPN authorizing & connecting fine, and nothing blocked by the firewall.

    Any suggestions on how to make this work?

    Edit: The only references I see for 2.0 in the forum describe tap/bridging as possible, but "not pretty."  I'm willing to shoot for ugly at this point if anyone has any homely suggestions.  Thanks.



  • After poring over all the bridging/tap entries I could find from betas/earlier RCs, I still can't find any specifics on how to make this work in RC3.  I've added a line like server-bridge 192.168.0.170 255.255.255.0 192.168.0.171 192.168.0.180 to the extra parameters under the OpenVPN server page, but I get an error in the OpenVPN log that the server can't have both 'server' and 'server-bridge' entries in the config.  Still can't get anything but the tunnel address to assign to the clients when they log in.

    I'm open to modifying the openvpn.inc file or anything else, but could really use some pointers as to how to do this for a "road-warrior" tap/bridging server.



  • I would also like to know how to get a TAP interface going on OpenVPN so broadcast traffic gets through. We used this extensively in 1.2.3 and we have been able to get TUN working in 2.0.



